Heartbleed Critical Vulnerability in OpenSSL

The security community is actively discussing over this week the openssl vulnerability that allows attacker to exploit the Heartbeat TLS and receive 64KB in the RAM memory. The attack can be repeated continuously to get sensitive information from end users such as their passwords.

Many online servers were affected by this critical vulnerability while patching openssl will not totally solve the situation. Administrators need to install new certificate for the servers and all account passwords should be changed.

The vulnerability was reported last Friday by codenomicon and on Monday a security fix were released and included in openssl 1.0.1g. Script based on python for Nmap were also issued to detect the vulnerable server and published for testing any active bug.

Heartbleed is one of the more serious bugs up to now because the attacker can take all the information without any traces which makes it complex to monitor and identify the attack. The real number of the attack is unknown up to now.

This makes that security testing for software’s and programs is one of the best way to secure the applications and end users and such glitches can rise at any moment. If you are using openssl make sure that you have applied the entire security requirement and you can also use snort signature to detect and monitor Heartbleed exploitation on your facilities.